GitHub - tiiuae/kernel-integrity-checker: Guest VM kernel integrity checker

Ic-loader is a pkvm firmware component that loads the kernel image and the device tree image and checs their integrity and authenticity.

The dummy CA directory is a dummy certificate authority that owns the root key. It signs guest certificates so each guest has their own key pair and guests do not need to know the private key.

Make root key make -C dummy-CA keys
Build ic_loader. The output is file ic_loader.hex make
Sign the guest image. Image names are defined in Makefile IMAGE ?= Image DTB_FILE ?= guest.dtb

the output is ${IMAGE}.sign (image.sign)

make sign_guest

It needs patches for pkvm-kernel and crosvm before ic_loader will work

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
aarch64		aarch64
dummy-CA		dummy-CA
keys		keys
libfdt		libfdt
mbedtls @ 1873d3b		mbedtls @ 1873d3b
scripts		scripts
.gitmodules		.gitmodules
Makefile		Makefile
README.md		README.md
heap.c		heap.c
heap.h		heap.h
ic_loader.c		ic_loader.c
kic_defs.h		kic_defs.h
ld.out		ld.out
mbedconfig.h		mbedconfig.h

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

About

Releases

Packages

Languages

tiiuae/kernel-integrity-checker

Folders and files

Latest commit

History

Repository files navigation

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages